NET 536Network Security

Download Report

Transcript NET 536Network Security 

NET 536
NETWORK SECURITY
Networks and
Communication
Department
Lab 3: IDSs Exercises
Question # 1
2
A taxicab was involved in a fatal hit-and-run accident
at night. Two cab companies, the Green and the Blue,
operate in the city. You are told that:
• 85% of the cabs in the city are Green and 15% are Blue.
• A witness identified the cab as Blue.
The court tested the reliability of the witness under the
same circumstances that existed on the night of the
accident and concluded that the witness was correct in
identifying the color of the cab 80% of the time.
What is the probability that the cab involved in the
incident was Blue rather than Green?
21-Jul-15
Networks and Communication Department
Answer Q#1
3
Let WB equal the event {witness reports Blue cab}.
Then:
Pr [Blue/ WB]=

Pr[ WB/Blue] Pr[Blue]
=
(Pr[ WB/Blue] Pr[Blue] + Pr[ WB/Green] Pr[Green] )
=
(0.8 ) (0.15)
(0.8)(0.15)+(0.2)(0.85)
= 0. 41
This example, or something similar, is referred to as "the
juror's fallacy."
21-Jul-15
Networks and Communication Department
Question#2
4
Assume that passwords are selected from four-character
combinations of 26 alphabetic characters. Assume that an
adversary is able to attempt passwords at a rate of
one per second.
a. Assuming no feedback to the adversary until each attempt
has been completed, what is the expected time to discover
the correct password?
b. Assuming feedback to the adversary flagging an error as
each incorrect character is entered, what is the expected
time to discover the correct password?
21-Jul-15
Networks and Communication Department
Answer Q#2
5
a. T =
𝟐𝟔𝟒
𝟐
= 228488 seconds
228488
=
(60x60)
= 63.5 hours
b. Expect 26/2= 13 tries for each digit.
T = 13 x 4 = 52 seconds.
21-Jul-15
Networks and Communication Department
Question#3
6
Assume that passwords are limited to the use of the
95 printable ASCII characters and that all passwords
are 10 characters in length. Assume a password
cracker with an encryption rate of 6.4 million
encryptions per second.
How long will it take to test exhaustively all possible
passwords on a UNIX system?
21-Jul-15
Networks and Communication Department
Answer Q#3
7
There are 9510 = 6x1019 possible passwords.
The time required is:
6 x 1019 passwords
= (6.4 x 106 passwords / second)
= 9.4 x 1012 seconds
=
9.4 x 1012 seconds
60𝑥 60 𝑥 24𝑥 360
300, 000 years
21-Jul-15
Networks and Communication Department